Report details healthcare's dismal cybersecurity
Networks and internet-connected devices of organizations in virtually every healthcare category, including hospitals, insurance carriers and pharmaceutical companies, have been and continue to be compromised by successful cyberattacks, according to an analysis of malicious traffic by The SANS Institute.
Using data gathered by a live threat intelligence platform between September 2012 and October 2013, the analysis found 49,917 malicious events, 723 malicious source IP addresses and 375 compromised U.S.-based health-related organizations.
"[The results] not only confirmed how vulnerable the [healthcare] industry had become, it also revealed how far behind industry-related cybersecurity strategies and controls have fallen," according to the report.
A network compromise often leads to a data breach, potentially exposing the personally identifiable information of millions of consumers as well as the organization's own intellectual property and billing systems, according to a release on the report. Compromised networks allow cybercriminals to use the organization's network infrastructure and devices to launch attacks on other networks and to execute billions of dollars' worth of fraudulent transactions.
The report details the following breakdown of malicious traffic by organization type:
- Healthcare providers—72 percent
- Healthcare business associate—9.9 percent
- Health plans—6.1 percent
- Healthcare clearinghouses—0.5 percent
- Pharmaceutical—2.9 percent
- Other related healthcare entities—8.5 percent
"Healthcare organizations are falling further and further behind in their efforts to secure patient data," said Larry Ponemon, chairman of the Ponemon Institute, in a release. "Such a large percentage of medical institutions have been victims of a cyberattack, and with costs resulting from such compromises numbering in the millions and billions, it's clear that security of healthcare data must become the priority for healthcare organizations. This report helps sound a very necessary alarm."
"What SANS and Norse have uncovered in this report is, in a word, alarming," stated Sam Glines, CEO of Norse. "The sheer number of attacks being perpetrated against healthcare organizations is overwhelming, while the defenses in place are not nearly enough to neutralize them. So although the healthcare industry continues to search for ways to protect its data, many organizations are still not able to properly safeguard critical data, and both companies and consumers are paying the price."